What: Hackers have contacted Harrods following a data breach involving customer information stolen from a third-party provider.

Why it is important: Harrods’ response illustrates the importance of human-centric crisis strategies in maintaining customer trust during cyber incidents.

Harrods’ latest data breach, in which hackers made direct contact with the retailer after accessing customer information via a third-party provider, exemplifies the escalating cybersecurity challenges in luxury retail. The breach has forced Harrods to confront not only the technical aspects of data protection but also the reputational and regulatory risks that accompany such incidents. The retailer’s decision to refuse engagement with the hackers and to communicate openly with affected customers reflects a crisis management strategy that prioritises transparency and trust. This event follows a series of cyberattacks across the retail sector, including a previous attack on Harrods in May 2025 and significant breaches at Marks & Spencer, which resulted in lawsuits and financial losses. These cases have underscored the vulnerability of retailers to third-party risks and the necessity of robust vendor management and integrated security measures. As regulatory scrutiny intensifies and customer expectations for data protection rise, Harrods’ experience demonstrates that effective crisis communication and a human-centric approach are essential for sustaining brand loyalty and operational resilience in the face of digital threats.

IADS Notes: The Harrods breach in September 2025 (BoF, Retail Week) mirrors a critical escalation in retail cyber threats observed throughout the year, with ransomware and third-party vulnerabilities causing substantial financial and reputational damage. Notable incidents at Marks & Spencer in May 2025 (Drapers, Financial Times) and a previous Harrods attack in May 2025 (Retail Week) have shown how these breaches disrupt operations, erode customer trust, and lead to legal consequences. Across these cases, transparent crisis management and robust vendor oversight have emerged as essential strategies for maintaining customer relationships and business continuity.

Hackers make contact with Harrods following data breach